# Copyright (C) 2009-2014 MongoDB, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The default test database for all specs.
#
# @since 2.0.0
TEST_DB = 'ruby-driver'.freeze
# The default test collection.
#
# @since 2.0.0
TEST_COLL = 'test'.freeze
# The seed addresses to be used when creating a client.
#
# @since 2.0.0
ADDRESSES = ENV['MONGODB_ADDRESSES'] ? ENV['MONGODB_ADDRESSES'].split(',').freeze :
[ '127.0.0.1:27017' ].freeze
# A default address to use in tests.
#
# @since 2.0.0
DEFAULT_ADDRESS = ADDRESSES.first
# The topology type.
#
# @since 2.0.0
CONNECT = ENV['RS_ENABLED'] == 'true' ? :replica_set.freeze :
ENV['SHARDED_ENABLED'] == 'true' ? :sharded.freeze :
:direct.freeze
# The write concern to use in the tests.
#
# @since 2.0.0
WRITE_CONCERN = (CONNECT == :replica_set) ? { w: ADDRESSES.size } : { w: 1 }
# Whether to use SSL.
#
# @since 2.0.3
SSL = ENV['SSL_ENABLED'] == 'true'
# Options for test suite clients.
#
# @since 2.0.3
TEST_OPTIONS = { max_pool_size: 1,
write: WRITE_CONCERN,
ssl: SSL }
# The root user name.
#
# @since 2.0.0
ROOT_USER_NAME = ENV['ROOT_USER_NAME'] || 'root-user'
# The root user password.
#
# @since 2.0.0
ROOT_USER_PWD = ENV['ROOT_USER_PWD'] || 'password'
# Gets the root system administrator user.
#
# @since 2.0.0
ROOT_USER = Mongo::Auth::User.new(
user: ROOT_USER_NAME,
password: ROOT_USER_PWD,
roles: [
Mongo::Auth::Roles::USER_ADMIN_ANY_DATABASE,
Mongo::Auth::Roles::DATABASE_ADMIN_ANY_DATABASE,
Mongo::Auth::Roles::READ_WRITE_ANY_DATABASE,
Mongo::Auth::Roles::HOST_MANAGER
]
)
# Get the default test user for the suite on versions 2.6 and higher.
#
# @since 2.0.0
TEST_USER = Mongo::Auth::User.new(
database: Mongo::Database::ADMIN,
user: 'test-user',
password: 'password',
roles: [
{ role: Mongo::Auth::Roles::READ_WRITE, db: TEST_DB },
{ role: Mongo::Auth::Roles::DATABASE_ADMIN, db: TEST_DB },
{ role: Mongo::Auth::Roles::READ_WRITE, db: 'invalid_database' },
{ role: Mongo::Auth::Roles::DATABASE_ADMIN, db: 'invalid_database' }
]
)
# MongoDB 2.4 and lower does not allow hashes as roles, so we need to create a
# user on those versions for each database permission in order to ensure the
# legacy roles work with users. The following users are those.
# Gets the default test user for the suite on 2.4 and lower.
#
# @since 2.0.
TEST_READ_WRITE_USER = Mongo::Auth::User.new(
database: TEST_DB,
user: 'test-user',
password: 'password',
roles: [ Mongo::Auth::Roles::READ_WRITE, Mongo::Auth::Roles::DATABASE_ADMIN ]
)
# Provides an authorized mongo client on the default test database for the
# default test user.
#
# @since 2.0.0
AUTHORIZED_CLIENT = Mongo::Client.new(
ADDRESSES,
TEST_OPTIONS.merge(
database: TEST_DB,
user: TEST_USER.name,
password: TEST_USER.password)
)
# Provides an unauthorized mongo client on the default test database.
#
# @since 2.0.0
UNAUTHORIZED_CLIENT = Mongo::Client.new(
ADDRESSES,
TEST_OPTIONS.merge(
database: TEST_DB)
)
# Provides an unauthorized mongo client on the admin database, for use in
# setting up the first admin root user.
#
# @since 2.0.0
ADMIN_UNAUTHORIZED_CLIENT = Mongo::Client.new(
ADDRESSES,
TEST_OPTIONS.merge(
database: Mongo::Database::ADMIN)
)
# Get an authorized client on the test database logged in as the admin
# root user.
#
# @since 2.0.0
ADMIN_AUTHORIZED_TEST_CLIENT = ADMIN_UNAUTHORIZED_CLIENT.with(
user: ROOT_USER.name,
password: ROOT_USER.password,
database: TEST_DB,
auth_source: Mongo::Database::ADMIN
)
module Authorization
# On inclusion provides helpers for use with testing with and without
# authorization.
#
#
# @since 2.0.0
def self.included(context)
# Gets the root system administrator user.
#
# @since 2.0.0
context.let(:root_user) { ROOT_USER }
# Get the default test user for the suite.
#
# @since 2.0.0
context.let(:test_user) { TEST_USER }
# Provides an authorized mongo client on the default test database for the
# default test user.
#
# @since 2.0.0
context.let(:authorized_client) { AUTHORIZED_CLIENT }
# Provides an unauthorized mongo client on the default test database.
#
# @since 2.0.0
context.let!(:unauthorized_client) { UNAUTHORIZED_CLIENT }
# Provides an unauthorized mongo client on the admin database, for use in
# setting up the first admin root user.
#
# @since 2.0.0
context.let!(:admin_unauthorized_client) { ADMIN_UNAUTHORIZED_CLIENT }
# Get an authorized client on the test database logged in as the admin
# root user.
#
# @since 2.0.0
context.let!(:root_authorized_client) { ADMIN_AUTHORIZED_TEST_CLIENT }
# Gets the default test collection from the authorized client.
#
# @since 2.0.0
context.let(:authorized_collection) do
authorized_client[TEST_COLL]
end
# Gets the default test collection from the unauthorized client.
#
# @since 2.0.0
context.let(:unauthorized_collection) do
unauthorized_client[TEST_COLL]
end
# Gets a primary server for the default authorized client.
#
# @since 2.0.0
context.let(:authorized_primary) do
authorized_client.cluster.next_primary
end
# Get a primary server for the client authorized as the root system
# administrator.
#
# @since 2.0.0
context.let(:root_authorized_primary) do
root_authorized_client.cluster.next_primary
end
# Get a primary server from the unauthorized client.
#
# @since 2.0.0
context.let(:unauthorized_primary) do
authorized_client.cluster.next_primary
end
end
end